Branch: refs/heads/master Home: https://github.com/jenkinsci/git-client-plugin Commit: 883343de9f0ea1567b192510493d810e8cfa5419 https://github.com/jenkinsci/git-client-plugin/commit/883343de9f0ea1567b192510493d810e8cfa5419 Author: Mark Waite <mark.earl.wa...@gmail.com> Date: 2019-09-06 (Fri, 06 Sep 2019)
Changed paths: M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java Log Message: ----------- Options should precede operands to git commands Commit: 04d2c155d19a37ae28ffe2345e0e2ccd96556b07 https://github.com/jenkinsci/git-client-plugin/commit/04d2c155d19a37ae28ffe2345e0e2ccd96556b07 Author: Mark Waite <mark.earl.wa...@gmail.com> Date: 2019-09-06 (Fri, 06 Sep 2019) Changed paths: A src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java Log Message: ----------- Add SECURITY-1534 tests Commit: 899123fa2eb9dd2c37137aae630c47c6be6b4b02 https://github.com/jenkinsci/git-client-plugin/commit/899123fa2eb9dd2c37137aae630c47c6be6b4b02 Author: Mark Waite <mark.earl.wa...@gmail.com> Date: 2019-09-06 (Fri, 06 Sep 2019) Changed paths: M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java Log Message: ----------- [SECURITY-1534] Prevent remote execution by repo URL SECURITY-1534 reports that user input in the repository URL field is not validated sufficiently. A carefully crafted value in the URL field can allow a user with Job administration permissions to execute an arbitrary program on the Jenkins master. Sanity check the values passed as repository URL to the ls-remote and fetch commands so that user entered data cannot execute arbitrary programs on the Jenkins master. Use -Dorg.jenkinsci.plugins.gitclient.CliGitAPIImpl.checkRemoteURL=false to disable URL checking. Commit: 701c12c1b40d509fddbdf547818baf483b57415d https://github.com/jenkinsci/git-client-plugin/commit/701c12c1b40d509fddbdf547818baf483b57415d Author: Mark Waite <mark.earl.wa...@gmail.com> Date: 2019-09-07 (Sat, 07 Sep 2019) Changed paths: M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java M src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java Log Message: ----------- Test with remote URL checking enabled and disabled Randomize remote check test, test a subset for speed. Don't assert expected message when testing with remote URL checks disabled. The assertion messages come from command line git and vary depending on the version of git installed on the computer. Not reliable across multiple git versions. Ignore marker file existence in some tests If a test has remote URL checking disabled, then it is expected that some cases will allow the marker file to be created. Only check for the marker file when running with remote URL checking enabled. Commit: ce1b99ec62038466ee40401894bcd99901934f59 https://github.com/jenkinsci/git-client-plugin/commit/ce1b99ec62038466ee40401894bcd99901934f59 Author: Mark Waite <mark.earl.wa...@gmail.com> Date: 2019-09-09 (Mon, 09 Sep 2019) Changed paths: M pom.xml Log Message: ----------- [maven-release-plugin] prepare release git-client-2.8.5 Commit: 7d5e0b388ee4a264556c56718571caddcf793b44 https://github.com/jenkinsci/git-client-plugin/commit/7d5e0b388ee4a264556c56718571caddcf793b44 Author: Mark Waite <mark.earl.wa...@gmail.com> Date: 2019-09-09 (Mon, 09 Sep 2019) Changed paths: M pom.xml Log Message: ----------- [maven-release-plugin] prepare for next development iteration Commit: 6b93d1460e4e066bb487076365e3358b75852dbc https://github.com/jenkinsci/git-client-plugin/commit/6b93d1460e4e066bb487076365e3358b75852dbc Author: Mark Waite <mark.earl.wa...@gmail.com> Date: 2019-09-12 (Thu, 12 Sep 2019) Changed paths: M src/test/java/org/jenkinsci/plugins/gitclient/GitAPITestCase.java Log Message: ----------- Ignore getAllLogEntries test result The getAllLogEntries method is deprecated. Its test depends on precise output ordering of the git command git log --all origin/master The ordering is different between command line git and JGit when two commits happen in the same second. JGit ordering is incorrect, since it should be able to resolve the predecessor and successor relationship from the relationship between the parent and child commits. However, that difference is consistently there in JGit 4.5 and in JGit 5.4. The getAllLogEntries method in this API is deprecated and its output is questionable, whether from JGit or command line git. Not valuable enough to spend more time on it. I would have deleted the test completely but is is easier and clearer to document when a test result is ignored rather than to risk someone introducing a test again without knowing why the output of the deprecated method is unreliable. Commit: 065b14c12cad4f4c357096e97db12d15e85bc058 https://github.com/jenkinsci/git-client-plugin/commit/065b14c12cad4f4c357096e97db12d15e85bc058 Author: Mark Waite <mark.earl.wa...@gmail.com> Date: 2019-09-12 (Thu, 12 Sep 2019) Changed paths: M src/test/java/org/jenkinsci/plugins/gitclient/GitAPITestCase.java Log Message: ----------- Really ignore getAllLogEntries test result Commit: 55a5ac9210500022ad329f3a726fb1a566cff536 https://github.com/jenkinsci/git-client-plugin/commit/55a5ac9210500022ad329f3a726fb1a566cff536 Author: Mark Waite <mark.earl.wa...@gmail.com> Date: 2019-09-12 (Thu, 12 Sep 2019) Changed paths: M src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java M src/test/java/org/jenkinsci/plugins/gitclient/GitAPITestCase.java A src/test/java/org/jenkinsci/plugins/gitclient/GitClientSecurityTest.java Log Message: ----------- Merge branch 'stable-2.8' Compare: https://github.com/jenkinsci/git-client-plugin/compare/0da8540fbe04...55a5ac921050 -- You received this message because you are subscribed to the Google Groups "Jenkins Commits" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/git-client-plugin/push/refs/heads/master/0da854-55a5ac%40github.com.